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What We Mean by Personal Data 

Definitions 



8 data protection principles 



3. Personal information 
must be adequate, 
relevant and not 
excessive 



1. Personal information 
must be fairly and 
lawfully processed 



2. Personal information 
must be processed 
for limited purposes 



ICO. 

Information Commissioner's Office 



7. Personal information 
must be secure 



4. Personal information must 
be accurate and up to date 






5. Personal information 
must not be kept 
for longer than is 
necessary 



8. Personal information 
must not be 
transferred to other 
countries without 
adequate protection 



6. Personal information 
must be processed 
in line with the data 
subjects' rights 



Licensed under OGL 3.0 




What We Mean by Personal Data 

Definitions 



Tracking: 

— "Behavioral advertising" 

— Process of using invisible digital markers on websites to 
collect information about visitors 

Packet: 

— Unit of data that is transferred from origin to destination 
via a network 

— may contain a number of file formats 

Cookie: 

— Small unit of information sent to browser to remember 
information about a user 

— Online shopping cart 




What We Mean by Data Collection 

Wireshark 



||| | Apply a display filter ... <8€/> 



Wireless controls are not supported in this version of Wireshark. 
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▼ Frame 


55: 


66 bytes on wire 


(528 bits), 66 bytes 


captured 


(528 


bits) on interface 0 



Interface id: 0 (en0) 

Encapsulation type: Ethernet (1) 

Arrival Time: Nov 18, 2015 09:32:53.817995000 PST 
[Time shift for this packet: 0.000000000 seconds] 
Epoch Time: 1447867973.817995000 seconds 
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Free Download at https://www.wireshark.org 



Data Collection as 

Government Surveillance 

Section 21 5 of the Section 702 of the 



Authority 


USA Patriot Act 


FISA Amendments Act 


FISA 


Executive Order 1 2333 


Scope 


Wholly domestic 
communications 


One end domestic 


Domestic 


Foreign-to-foreign 
communications [may 
include U.S. persons 
who are abroad] 


Kind 


Metadata 


Content 


Any 


Any 


Usage 


For an authorized 
investigation. . . 
to protect against 
inti terrorism or 
clandestine action 


Foreign intelligence 


"Necessary" to 
protect against 
hostile acts. 


Foreign Intelligence 



Eoyang, M. & Bishai, C. (2015). Restoring Trust between U.S. Companies and their 
Government on Surveillance Issues. Retrieved from 

http://www.thirdwav.org/report/restorinq-trust-between-us-companies-and-their- 

qovernment-on-surveillance-issues 



Data Collection as 
Government Surveillance 



• Snowden & 
PRISM 

• Jewel v. National 
Security 
Administration 
(NS A) 




Data Collection as 

Corporate Interest 




Search 

Engine 



Behaviors provide the clearest window into people’s desires and interests 



People qualify themselves for 
marketers by their own actions 



Typically, online advertisers 
broadcast to a place or wait for 
prospects through search... 



The result is that targeting 
becomes more efficient 



...Instead. Behavioral Targeting 

allows advertisers to deliver their 
message to audiences who have 

demonstrated interest 



Example: repeatedly reading about 
mortgages or clicking on a loan 
calculator 



Bottom Line: A lower cost per 
target for advertisers that is 
triggered by audience behavior 







Data Collection as 

Corporate Interest 



• "Data fire sale" 

• Hal F. Morris and True.com 







Data Collection as 

Theft or Crime 



• Hackers 

• Malware 

• Human Error 






Data Collection 

In the Library 



Doe v. 
Gonzalez 

Journal 

Databases 

Bib tools 





Data Collection 

At Caltech 



Microsoft® 

□□.Office 365 





labarchives 




Blackboard 



What are YOUR privacy 

concerns? 




Protecting Your Information 
Library Freedom Project: 



https://libraryfreedomproiect.org/resources/ 

privacytoolkit/ 



Protecting Your Information 

Threat Modeling 

EFF Exercise: 

https://ssd.eff.org/en/module/introduction- 

threat-modelinq 

Should I lock my door? 

What kind of locks do I need? 

What are my assets ? 

What is the threat? 



What is the actual risk? 



Privacy Basics 



Software 

About the security content of OS X El Capitan vl 0.1 
and Security Update 201 5-007 

This document describes the security content of OS X El Capitan vl 0.1 1.1 and 
Security Update 2015-007. 

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until 
investigation has occurred and any necessary patches or releases are available. To learn more about . 
Product Security, see the Apple Product Security website. 

For information about the Apple Product Security PGP Key, see How to use the Apple Product Securi 
PGP Key. 

Where possible, CVE IDs are used to reference the vulnerabilities for further information. 

To learn about other security updates, see Apple security updates. 

OS X El Capitan vl 0.1 1 .1 and Security Update 2015-007 

• Accelerate Framework 



Updates 

• Operating 
System 

• Application 
Updates 

Easy to find, 
Easy to exploit 



Privacy Basics 



Password Diversity 
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Through 2d years of effort weVe successfully trained 

EVERYONE 10 USE PASSWORDS TI-lflT ARE HARD FOR HUMANS 
To REMEMBER, BUT EASY FOR COMPUTERS TO GUESS. 



Retrieved from http://xkcd.com/936/ 



Privacy Basics 

Password Diversity 

No patterns or words 

Consider a password manager: 

- Last Pass ( 

https://addons.mozi l la.org/en-us/firefox/ 

addon/lastpass-password-manaqer/) 

• Mozilla extension 

• Proprietary 

- KeePass (http://keepass.info/ ) 

• Truly open 

• Sweet password generator 



Encryption Tools 

Why Encrypt? 



Reduce ad exhaustion 

Protect information on any network 

Maintain legal protection 




Encryption Tools 

NoScript 

https://noscript.net/qetit 
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Image CC-3.0-SA from EFF.org 




Encryption Tools 

Privacy Badger 

https://www.efF.org/privacybadqer 



Alteration of 
Adblock 

Blocks tracking 
files 

Electronic Frontier 
Foundation (EFF) 







Privacy Badger 

Privacy Badger is protecting you on this page. 
These sliders let you control how privacy badger 
handles each tracker. 



s7.addthis.com 



search.usa.gov 





searchstats.usa.gov 



www.google-analytics.com 



Disable Privacy Badger for This Site 



Deactivate Privacy Badger 



What is Privacy Badger? 




Image CC-3.0-SA from E FF.org 




Encryption Tools 

Search Engine 



https://duckduckqo.com 



Doesn't track 
Doesn't rank 



DuckDuckGo 




Give it a 
shot! 
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Encryption Tools 

HTTPS Everywhere 

https://www.eff.org/https-evervwhere 



Why HTTPS? 
Chrome extension 
How it works 



HTTP vs HTTPS 




Encryption Tools 

Disk Encryption 

Why Disk Encryption? 

Available with OS 

- Filevault (OS X): 

https://support.apple.com/en-us/HT204837 

- Bitlocker (Windows): 

http://windows.microsoft.com/en-US/windows-vista/ 

BitLocker-Dr i ve-Encryption-Overview 

- LUKS (GNU/Linux): 

https://Ritlab.com/cryptsetup/cryptsetup/blob/ 

master/README.md 

Veracrypt: https://veracrypt.codeplex.com/ 



Wrap Up 



Would you be interested in a workshop on any 

of the following tool groups? 



PASSWORDS 

KeePass 

LastPass 

Yubikey 

BROWSER-BASED 

TOOLS 

Firefox Privacy Tools 
TOR 

HTTPS Everywhere 



NETWORK 

ANALYSIS 

Wireshark 

DISK ENCRYPTION 

Filevault 
Bitlocker 
LUCKS 
Vera crypt 



LOCAL FILE 
MAINTENANCE 

Ccleaner 

Bleachbit 



MOBILE PROTECTIONS 



Signal 




Thanks! 

Heather Wilson 

Acquisitions and Electronic Resources 

Librarian 

@authcontroller 

hwilson@caltech.edu 

For information about future classes, visit: 
http://library.caltech.edu 



http://libguides.caltech.edu/instruction 



